JEFFERSON CITY — There is no way of knowing where thousands of redistributed state computers containing sensitive information have ended up, State Auditor Claire McCaskill said during a news conference Thursday in her Capitol office.
An audit conducted in May and June found that government computers set to be redistributed were not properly cleared of personal information, including Social Security numbers, bank records, computer network access information and medical data.
McCaskill said more than 60 percent of computers released to the public over the past few years had not been properly cleared. Inexpensive and easily available software can be used to retrieve information that is not entirely cleared from a computer’s hard drive.
The findings, McCaskill said, “should cause some concern among Missourians about the privacy of information the government holds on their behalf.”
“The unfortunate part about this audit was that this was discussed in a state IT meeting in February of 2003,” McCaskill said, “but in spite of the fact of it being recognized as a potential problem, nothing had been done until this audit.”
The tested computers were taken from the Missouri State Agency for Surplus Property on various dates in May and June. The agency receives computers from all state departments, then sells them.
Not-for-profit organizations buy some; others are sold at public auctions or to school districts.
“Our policy is that the hard drives must be clear before we get the computers,” said surplus properties director Marilyn Trachsel, although she conceded her agency has no way to check whether the hard drives have been properly cleared.
The report recommended that state departments set protocols outlining who is responsible for clearing computers’ hard drives and establishing a process for testing computers before they’re sent to the surplus property agency.
The audit reported that representatives of the departments involved have promised to comply.